Manage Learn to apply best practices and optimize your operations.

Build 1709 Gains Easier Update Log Access

A nice but subtle improvement will appear in the Fall Creators Update for Windows 10. Otherwise known as Build 1709, this release makes Windows Update log files more readable. Using the Get-WindowsUpdateLog PowerShell cmdlet, admins and power users can translate event trace log (ETL) files into human-readable form quickly and easily. Because Build 1709 gains easier update log access, IT pros can parse and troubleshoot update issues with greater dispatch. I uncovered this enhancement at Redmond Magazine, in a 10/10/17 article entitled “Microsoft Improving Windows 10 Log File Access with Fall Creators Update.”

Explaining How Build 1709 Gains Easier Update Log Access

The MS Support article “How to read Windows Update logs in Windows 10 Version 1607” explains things nicely. Windows 10 stores update logs in a compact binary form using Event Tracing for Windows (ETW). While this generates logs faster and reduces disk space consumption, those logs are not “readable as written.” In fact, the PowerShell Get-WindowsUpdateLog cmdlet translates the ETL logs from binary into human readable form. The following snippet from Notepad shows what the output from the cmdlet looks like:

This snippet shows output from the Download Manager, reporting that it finds no expired update files to expunge, and 14 unexpired updates still in effect.

However, for it to work in Windows 10 versions through 1703, the cmdlet must access the Microsoft Internet Symbol Store. This lets it associate module and service names with binary handles in the Update logs. The newest version no longer requires that users link to the symbol store in advance, nor that the cmdlet commence operations by reading fresh symbols.

The MS Internet symbol store resides at URL One can use the .symfix command on systems with relatively speedy Internet links. Otherwise, MS recommends users install symbol files locally as described in Installing Windows Symbol Files. The syntax for the .symfix command is:

.symfix+ DownstreamStore

But with the Fall Creators Update such contortions will no longer be required. Instead Get-WindowsUpdateLog will handle such things automatically by itself. Perhaps a small step in the direction of usability, but a welcome one nonetheless! This already works like a champ in the Insider Preview, as I confirmed for myself this morning. That’s how I grabbed the preceding text snippet.